cnvd - cnvd-2018-08798

CNVD-2018-08798

Vulnerability from cnvd - Published: 2018-05-03

Title

Microsoft Windows SNMP服务拒绝服务漏洞

Description

Microsoft Windows 10等都是美国微软（Microsoft）公司发布的一系列操作系统。Windows SNMP Service是其中的一个SNMP（简单网络管理协议）服务。 Microsoft Windows SNMP Service中存在拒绝服务漏洞。攻击者可通过发送畸形的SNMP trap请求利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Microsoft Windows SNMP服务拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0967

Reference

https://www.securityfocus.com/bid/103652

Impacted products

Name
['Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows RT 8.1 SP0', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows 10', 'Microsoft Windows Server 2016', 'Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows 10 1511', 'Microsoft Windows 10 1607', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709', 'Microsoft Windows Server 1709']

Name

['Microsoft Windows Server 2008 SP2', 'Microsoft Windows 7 SP1', 'Microsoft Windows Windows Server 2012', 'Microsoft Windows 8.1', 'Microsoft Windows RT 8.1 SP0', 'Microsoft Windows Server 2012 R2', 'Microsoft Windows 10', 'Microsoft Windows Server 2016', 'Microsoft Windows Server 2008 R2 SP1', 'Microsoft Windows 10 1511', 'Microsoft Windows 10 1607', 'Microsoft Windows 10 1703', 'Microsoft Windows 10 1709', 'Microsoft Windows Server 1709']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103652"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0967"
    }
  },
  "description": "Microsoft Windows 10\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u4e00\u7cfb\u5217\u64cd\u4f5c\u7cfb\u7edf\u3002Windows SNMP Service\u662f\u5176\u4e2d\u7684\u4e00\u4e2aSNMP\uff08\u7b80\u5355\u7f51\u7edc\u7ba1\u7406\u534f\u8bae\uff09\u670d\u52a1\u3002\r\n\r\nMicrosoft Windows SNMP Service\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7578\u5f62\u7684SNMP trap\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0967",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-08798",
  "openTime": "2018-05-03",
  "patchDescription": "Microsoft Windows 10\u7b49\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u53d1\u5e03\u7684\u4e00\u7cfb\u5217\u64cd\u4f5c\u7cfb\u7edf\u3002Windows SNMP Service\u662f\u5176\u4e2d\u7684\u4e00\u4e2aSNMP\uff08\u7b80\u5355\u7f51\u7edc\u7ba1\u7406\u534f\u8bae\uff09\u670d\u52a1\u3002\r\n\r\nMicrosoft Windows SNMP Service\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7578\u5f62\u7684SNMP trap\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Windows SNMP\u670d\u52a1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2008 SP2",
      "Microsoft Windows 7 SP1",
      "Microsoft Windows Windows Server 2012",
      "Microsoft Windows 8.1",
      "Microsoft Windows RT 8.1 SP0",
      "Microsoft Windows Server 2012 R2",
      "Microsoft Windows 10",
      "Microsoft Windows Server 2016",
      "Microsoft Windows Server 2008 R2  SP1",
      "Microsoft Windows 10 1511",
      "Microsoft Windows 10 1607",
      "Microsoft Windows 10 1703",
      "Microsoft Windows 10 1709",
      "Microsoft Windows Server 1709"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/103652",
  "serverity": "\u4e2d",
  "submitTime": "2018-04-12",
  "title": "Microsoft Windows SNMP\u670d\u52a1\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-0967 (GCVE-0-2018-0967)

Vulnerability from cvelistv5 – Published: 2018-04-12 01:00 – Updated: 2024-08-05 03:44

Summary

A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/103652	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1040659	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:44:11.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0967"
          },
          {
            "name": "103652",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103652"
          },
          {
            "name": "1040659",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040659"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka \"Windows SNMP Service Denial of Service Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-12T09:57:02",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0967"
        },
        {
          "name": "103652",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103652"
        },
        {
          "name": "1040659",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040659"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-0967",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka \"Windows SNMP Service Denial of Service Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0967",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0967"
            },
            {
              "name": "103652",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103652"
            },
            {
              "name": "1040659",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040659"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-0967",
    "datePublished": "2018-04-12T01:00:00",
    "dateReserved": "2017-12-01T00:00:00",
    "dateUpdated": "2024-08-05T03:44:11.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-08798

CVE-2018-0967 (GCVE-0-2018-0967)

Tags

Sightings

Nomenclature